Answer: Since you mentioned your current role is heading IT infra, I'd suggest you pursue ISO 27001 knowledge first, because it can help you understand how to justify and prioritize which security controls should be implemented and how they should be managed, activities more related to your role. Additionally, if you are considering ISO implementation, ISO 27001 is the standard to be considered, since ISO 27002 is not certifiable.
ISO 27002 focuses on details and recommendations to be observed for implementing ISO 27001 Annex A controls, and is recommended more for technical and operational personnel.
Hi and thank you for all that you give us. I am now following a project of implementing an SMQ (quality management system) with a consultant in one of our power plants, and we have many problems:
1. We have chosen a wrong project manager, and now we are in the description of the processes and their interaction. Can we remove him and replace him with another?
2. The consultant at the gap analysis did not use the documentary audit. He only did the interviews! When I asked him, he told me he will do it later. Is it a problem?
3. When they describe the processes, they added a process of "social partner", even though it does not influence the SMQ. Is it correct?
4. The consultant has proposed a quality policy without seeing the policy of the power plant! Is that possible?
Thank you in advance
ISO 9001 document requirements for a repair shop
Thank you for any help you can offer.
Answer:
The requirements for documents and records are the same regardless of the size of the company, but this new version of ISO 9001 allows you to decrease the amount of documentation. There are no requirements for SOPs and WIs, so you can decide by yourself which SOPs and WIs are worth documenting. I would suggest you document them only for activities and processes that are complex and have a higher chance of nonconformities. The more competent employees you have, the fewer documents you need.
The essence of the EMS (Environmental Management System) is control of significant environmental aspects. In order to control them you need to identify them first and distinguish significant and insignificant environmental aspects by applying some criteria for evaluation. Once you determine significant environmental aspects, you need to establish operational controls and monitor their effectiveness.
When you have operational control established, you can later add the other requirements of the standard and have the entire EMS compliant with the standard, but for the beginning, this can do the trick.
Answer: For ISO 27001 all assets are valued regarding the impact of loss of confidentiality, integrity and availability of the information. Such valuation is performed during the risk assessment process.
So when you think about a General Manager, you have to think about the potential impact if the confidentiality, integrity or availability of the information the manager needs to perform his function, or creates and provides as a result of his work, is endangered.
2. For software asset dependency, is it the same?
Answer: Yes, you can have the same approach: the potential impact on the information the software needs to perform its function or, the other way around, the impact on the information the software creates and makes available to the organization.
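The valuation approach described in the two answers above (rate each piece of information by the impact of losing its confidentiality, integrity or availability, then rate a manager or a software asset by the information it uses or produces) can be written down as a small register. The following is an added example, not code from the original Q&A: the 1..5 impact scale, the asset names and the dependencies are constructed for illustration, and ISO 27001 prescribes none of them.

```python
"""Added example (not part of the original answers): a minimal ISO 27001-style
asset register. Information assets carry C/I/A impact ratings; dependent
assets (a person, a piece of software) inherit their value from the
information they use or produce. Scale, assets and links are constructed."""
from dataclasses import dataclass

# Assumed 1..5 impact scale for this example; ISO 27001 does not prescribe one.
SCALE = {1: "negligible", 2: "minor", 3: "moderate", 4: "major", 5: "severe"}


@dataclass(frozen=True)
class InfoAsset:
    name: str
    c: int  # impact if confidentiality of this information is lost
    i: int  # impact if integrity of this information is lost
    a: int  # impact if availability of this information is lost

    def __post_init__(self):
        for dim, lvl in (("C", self.c), ("I", self.i), ("A", self.a)):
            if lvl not in SCALE:
                raise ValueError(f"{self.name}: {dim} impact {lvl} is outside 1..5")


@dataclass(frozen=True)
class DependentAsset:
    name: str
    kind: str                       # "person", "software", ...
    uses: tuple[str, ...] = ()      # information it needs to perform its function
    produces: tuple[str, ...] = ()  # information it creates and makes available


def cia_profile(asset: InfoAsset) -> dict[str, int]:
    return {"C": asset.c, "I": asset.i, "A": asset.a}


def asset_value(profile: dict[str, int]) -> int:
    # Conservative aggregation: the highest single impact drives the value.
    return max(profile.values())


def dependent_profile(dep: DependentAsset, register: dict[str, InfoAsset]) -> dict[str, int]:
    """Per-dimension maximum over every information asset the dependent asset
    uses or produces, so the GM and the billing app are rated by what they handle."""
    linked = dep.uses + dep.produces
    if not linked:
        raise ValueError(f"{dep.name}: no linked information, cannot be valued")
    profile = {"C": 0, "I": 0, "A": 0}
    for name in linked:
        if name not in register:
            raise KeyError(f"{dep.name} references unknown information asset {name!r}")
        for dim, lvl in cia_profile(register[name]).items():
            profile[dim] = max(profile[dim], lvl)
    return profile


# Constructed sample register (names and ratings are illustrative only).
INFO = {asset.name: asset for asset in (
    InfoAsset("board minutes", c=5, i=3, a=2),
    InfoAsset("budget forecast", c=4, i=4, a=3),
    InfoAsset("customer invoices", c=3, i=5, a=4),
)}

DEPENDENTS = (
    DependentAsset("General Manager", "person",
                   uses=("budget forecast",), produces=("board minutes",)),
    DependentAsset("billing application", "software",
                   uses=("customer invoices",), produces=("customer invoices",)),
)


def value_register() -> dict[str, int]:
    """Overall value for every asset, information and dependent alike."""
    values = {name: asset_value(cia_profile(asset)) for name, asset in INFO.items()}
    for dep in DEPENDENTS:
        values[dep.name] = asset_value(dependent_profile(dep, INFO))
    return values


if __name__ == "__main__":
    for name, val in value_register().items():
        print(f"{name:22} value {val} ({SCALE[val]})")
```

The "highest impact wins" aggregation is deliberate: a General Manager who only reads a moderately sensitive forecast but produces highly confidential board minutes is still a high-value asset, and the register refuses to value a person or application that is not linked to any information at all, which is usually a sign the inventory is incomplete.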
Answer:
Change Management is (as its name implies) only a management process. It doesn't implement anything (physically). Namely, Change Management uses the Release and Deployment Management process to implement changes.
That is also true for Emergency Changes. So, Emergency Releases are related to Emergency Changes (rather than being declared the same thing).
This article explains Emergency Changes: "How to manage Emergency Changes as part of ITIL Change Management"
Defects and reworks
Answer:
In any case you need to enable traceability of the part, which means if you closed the DR (Discrepancy Report), it must contain information on what further steps will be taken with the product, in this case rework. Even when the rework doesn't fix the defect, the company can decide to re-purpose the product or deliver it to the customer under concession.
I assume that the rework procedure includes the quality check and if the product is still not meeting the requirements and cannot be sent to the customer, the only way to handle it is to declare it nonconforming product and disposition it accordingly.
But, in any case, you need to maintain traceability of the part in all processing stages until delivery to the customer or disposition as a nonconforming product.
Answer: Since we work with ISO standards, we do not suggest specific solutions to be implemented (each organization is unique in its needs and any suggested software may not be the most proper choice without a detailed evaluation), but we can suggest market recognized players in this industry you can consult:
- https://www.computerweekly.com/feature/Risk-Management-Software-Essential-Guide
Additionally I can suggest you this material to help perform a structured evaluation: Quantitative Methods for Software Selection and Evaluation ftp://ftp.cert.org/public/documents/06.reports/pdf/06tn026.pdf
This article will provide you further explanation about tools for ISO 27001 and ISO 22301:
- When to use tools for ISO 27001/ISO 22301 and when to avoid them https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/